General use and ownership
It is approved users’ responsibility to be aware of this policy and to conduct their activities accordingly.
- Information provided for or by the Government Technology Platforms, including but not limited to: network accounts, cloud environments, data and information are the property of NSW Government Digital Channels. They are provided to NSW Government employees and other authorised individuals and bodies in relation to the discharge of activities directly related to their responsibilities.
- Government Technology Platforms information stored on any device irrespective of the owner of the device remains the property of Government Technology Platforms.
- All approved users have a responsibility to use or share Government Technology Platforms information assets only to the extent it is authorised, compliant with the Data Privacy and Protection Policy and necessary to fulfill their assigned role.
- All approved users have a responsibility to promptly report to management, any observed or suspected information security weaknesses in systems or services, the theft/loss/unauthorised disclosure of Government Technology Platforms information or assets.
- Use of Government Technology Platforms information assets and computing devices (including the use of a personal device to access Government Technology Platforms networks) are subject to monitoring to ensure this use of Government Technology Platforms information assets does not interfere with the Government Technology Platforms mission and does not violate Government Technology Platforms polices, standards, government directives or legislation or pose a risk to Government Technology Platforms infrastructure, assets, reputation, or business.
- Non-Government Technology Platforms information which is either created, collected, stored or transmitted using a Government Technology Platforms information asset and a computing device will be considered as Government Technology Platforms information and subject to standard retention, monitoring, auditing, logging, destruction processes and security protocols. This information is considered to be ‘held’ by Government Technology Platforms and may be subject to a request for access by any individual under the Government Information (Public Access) Act 2009 or the Privacy and Personal Information Protection Act 1998.
Corporate resources secure usage
- Authentication information (for example: passwords) must not be physically written down and must not be stored in clear text. Regardless of the authentication type (password, token etc.), it must not be shared with anyone other than the owner or user and must be used only by the approved user.
- User permissions must be removed on cessation of employment or authorised use. User permissions may also be removed or modified during change of role unless a prior arrangement is approved by the present and future managers or an authorised approver.
- Users should follow the Government Technology Platforms Privacy Management Framework when applying, modifying classification labeling, and when securing and managing information assets.
- Information being sent over email, or any other messaging/collaboration platform is subject to NSW Information Classification, Labeling and Handling Guidelines and Department of Customer Service Privacy Management Plan. As such these correspondences must be labelled in alignment with these policies and must follow the classifications handling requirements.
- Users should use secure tools available, such as Teams, SharePoint, OneDrive, SHIFT, or appropriate Customer Relationship Management (CRM) platforms like Salesforce when sharing sensitive or personal information and not send them as attachments and as content in emails in accordance
- Government provided email addresses must not be used to subscribe to services or websites that are not work-related. Similarly, users should not use corporate credentials to sign up to non-work-related services or websites.
Compliance, monitoring and review
This policy will be monitored and reviewed by Government Technology Platforms Audit Risk and Compliance team as per the process mentioned in Government Technology Platforms Information Security Policy.
Need more support on Privacy for nsw.gov.au?
Request support for Privacy enquiries now and our Privacy team will be in touch to assist you.